How The Computer Criminals Control Information – Types of Computer Crime

Tuesday, October 6th, 2009

As computer-related crimes become more prevalent, understanding the types of computer-related crimes gives law enforcement insight into investigative strategies.

The first insight is knowing the types of computer crimes.

Computer as the Target

This computer crime includes theft of intellectual property. The offender accesses the operating program under the guise of the system’s manager. The intruder accesses the contents of computer files in the system through the trap door that permits access to systems should there be a human or technological problem.

Here, the offender uses the computer to obtain information or to damage operating programs while committing the following computer crimes:

  • Theft of marketing information, like customer lists, pricing data, or marketing plans
  • Blackmail based on information gained from computerized files, such as medical information, personal history, or sexual preference
  • Sabotage of intellectual property, marketing, pricing, or personnel data
  • Sabotage of operating systems and programs with the intent to impede a business or create chaos in its operations
  • Unlawful access to criminal justice and other government records
  • Changing a criminal history, modifying want and warrant information
  • Creating a driver’s license, passport, or another document for false identification
  • Changing tax records or gaining access to intelligence files
  • Techno-vandalism through unauthorized access to damage files or programs
  • Techno-trespass violating the owner’s privacy as in criminal trespass

Computer as the Instrumentality of the Crime

Here, the processes of the computer facilitate the crime.

The computer criminal introduces new code (programming instructions) to manipulate the computer’s analytical processes and to convert legitimate computer processes to the following illegitimate purposes:

  • Fraudulent use of automated teller machine (ATM) cards and accounts
  • Theft of money from accrual, conversion, or transfer accounts; credit card fraud; fraud from computer transactions such as stock transfers, sales, or billings; and telecommunications fraud
  • Billing charges to other customers through cellular phones
  • Once they capture the computerized billing codes, the computer criminals program these codes into other cellular phones simply by hooking up the phone to a personal computer
  • Using software originally developed by programmers in other countries, they reprogram the signal chip in the cellular phone
  • They share the same through underground computer bulletin board services (BBS)

Computer is incidental to other crimes

In this category of computer crime, the computer is not essential for the crime to occur.

In every following case, the systems merely facilitate the offenses:

  • Helping the computer crime to occur faster
  • Processing of greater amounts of information
  • Making the computer crime more difficult to identify and trace
  • Unlawful banking transactions and money laundering
  • Supporting unlawful activity via BBSs
  • Erasing or denying proper access of organized computer crime records or books, and bookmaking involving drug raids, money laundering seizures, and other arrests in encrypt the data or design
  • Allowing computer criminals to destroy the storage media, such as disks, to eliminate evidence of their illegal activities
  • Letting child pornographers exchange information through BBSs

These computer crimes require unique data recovery techniques in order to gain access to the evidence.

Computer Crimes Associated With the Prevalence of Computers

The presence of computers, and microcomputers, generates sinister mutations of traditional crimes such as software piracy/counterfeiting, copyright violation of computer programs, counterfeit equipment, black market computer equipment and programs, and theft of technological equipment.

  • Violation of copyright restrictions on commercial software can result in staggering losses to businesses
  • Hackers break into computers with the help of software that is illegally written and sold
  • Successful computer programs, such as word processing, spreadsheets, and databases, are duplicated, packaged, and sold illegally on a large scale
  • Just like pirated audio and video tapes, counterfeit computers and peripherals (items such as modems and hard disks) are also manufactured and sold under the guise of originals

Legal Issues Of Computer Crimes

Some States have enacted laws specifically directed toward computer crimes, while other States rely fundamentally on the common law as it applies to current and emerging technology. The elements of a computer-related offense must be established for successful prosecution.

  • The physical act of a computer crime, actus reus, may be demonstrated best by an electronic impulse
  • It is difficult to define and track
  • A computer crime can occur in 3 milliseconds using program code that tells the software to erase itself after the computer executes the action, eliminating the evidentiary trail
  • Causation relates to the self-destruction of computer programs that facilitate computer crimes, and an investigator cannot show causation if the offender erases the executing instructions
  • The electronic data interchange (EDI) and its networks complicate the legal elements by making computer crimes more difficult for law enforcement to specify, document, and materially link the crime to an individual
  • The EDI connects parties via computer for contract negotiations, sales, collections, and other business transactions
  • The computer becomes the vault, with the EDI serving as the key to its contents
  • The ability to access data in the computer must be relatively easy in order to maximize business efficiency
  • Security controls must be introduced in order to protect the business’ “crown jewels”
  • Maximum security and easy accessibility are not compatible: as businesses prefer user-friendly equipment, system security usually takes second priority
  • The phenomenal growth of computer BBSs, on-line services, and the Internet only serves to compound the problem

As a result, computer-related crimes become easier to perpetrate and more difficult to identify, investigate, and prove.

Special Problems with Computer Crime

Intellectual property consists of concepts, ideas, planning documents, designs, formulas, and other information-based materials intended for products or services that have some commercial value or represent original thoughts or theses. Crimes associated with intellectual property focus primarily on theft when the product has commercial value, as opposed to basic research or research for private use.

Intellectual Property:

  • Involves formulas, processes, components, structure, characteristics, and applications of new technologies and covers such areas as fiber optics, computer chip designs and conductivity, and telecommunications equipment, protocols, and technologies
  • Associated with the marketing and production of new technologies
  • Pricing information, marketing targets, product release dates, and production timetables

Computer Crimes by Malfeasance

The concept of computer crimes by malfeasance means that computer-related behavior stretches the bounds of legality and may be viewed as only technically wrong.

Some of the scenarios of malfeasance computer crimes:

  • A parent offers to copy a computer program for a school that cannot afford to buy the software
  • An employee secretly maintains a small database in an office computer as part of a sideline business
  • An individual uses someone else’s computer account number and password to view the contents of a database
  • A customer gives her unlisted telephone number as part of a sales transaction at a store. The store enters the number into a computerized database and later sells the data to a telemarketing firm without the customer’s permission
  • A university computer programmer develops a program to schedule classes as part of a job assignment. The programmer then accepts a job with another university and leaves with a copy of the program for use at the new place of employment

These computer crimes illustrate the gray areas of computer abuse, areas that fall increasingly on the shoulders of law enforcement to address and resolve.

International Issues:

Technological knowledge and expertise contribute to the growth of computer crime on an international level.

Businesses can make great use of the following:

  • Unifying measures
  • Open communications like the single, European-wide communication protocol
  • Strong profit-oriented EU market spanning 12 countries
  • Open borders
  • Unification of technology standards
  • Easier banking
  • Monetary transfers between countries

Computer criminals are taking undue advantage of all these issues as:

  • Emerging international crime-related issues
  • Industrial espionage/competitive intelligence
  • Economic/political espionage
  • Expansion of international organized crime beyond traditional areas
  • Theft of technological hardware

Computer criminals have adapted the advancements of computer technology to further their own illegal activities. Unfortunately, their actions have far outpaced the ability of police to respond effectively. Protocols must be developed for law enforcement to stall the various categories of computer crime. Investigators must know the materials to search and seize, the electronic evidence to recover, and the chain of custody to maintain.

Data Triage Technologies Provides Comprehensive Computer Forensics, Electronic Discovery, Electronic Data Discovery, Data Recovery, Data Management, Intrusion Prevention, Network Security Audit, and Expert Witness Services to the legal communities in California and throughout the United States.

Author: Meshaal McLean

Tips To Protect Your Server From Getting Hacked

Monday, September 15th, 2008

When you visit a web page or interact with any web application on the internet, some information pertaining to you is stored on the server. When hackers enter a hosting server, they try to obtain root access to it and learn the confidential database details, which are restricted from regular visitors. They obtain users' personal information and steal the credit card numbers that users submit while making a purchase through the website.

Wondering how this hacking takes place? Want to know more about how servers are hacked and how you can protect your servers from being hacked?

Most of the time, the reasons a server gets hacked are that the attacker is able to run the server-side scripting language, or that the data in transit is not protected or not encrypted. Different hackers work in different ways and are often called white hat hackers and black hat hackers. White hat hackers find a security flaw in a website script or in software and make it public, whereas black hat hackers are malicious hackers who tamper illegally with software installed on your computers and tell other users how to do the same.

Hackers breaking into your server are not easy to spot. Script kiddies use free hacking programs called “exploits” and distribute them over the internet.
When you suspect malicious software programs, you must be able to react quickly to minimize the outbreak. If your server is prone to an attack by a hacker, here are some tips on how you can protect your server:

1. Disconnect the system from the network

If you suspect your server is infected, simply disconnect the system from the network to avoid any infected programs. Rather than fixing the current problem, leave the system on the network and document this report in your incident response plan.

2. Discover the method used by the hacker

Learn which method the hacker used, as hackers use different types of hacking technologies. Using software tools like Tripwire, you can identify whether any files were uploaded, added or changed on the system. Also find the owner of those files, which tells you which application the hacker used to break into the server. Investigate the files that were uploaded to the server, which might provide valuable information about the attack against your server.

3. Information from the running scripts launched by the attacker

Use the lsof (list open files) command, which lists the disk files, pipes, network sockets and devices opened by all processes, along with the user who owns them; from this information you can find the source of the attack. Also use rootkit detection tools like rkhunter or chkrootkit to scan for possible local exploits and to detect common attacks. These tools also check whether commands have been modified and perform various checks on the network interfaces.

4. Stop all the attacker scripts and remove the files

Now that you have identified the cause of the attack on the server, you can safely stop the running scripts launched by the attacker, remove all the files and save them in a different location for further investigation. Once we know the method used by the hackers, we can stop it and restore network connections such as mail, DNS, etc.

These steps are helpful to some extent in restoring the server from the variety of attacks you might encounter, and can be used as a baseline to develop your own plan of action. You can also consider the Data Triage Intrusion Detection and Prevention Products, which provide comprehensive and easy-to-use protection against current and emerging threats at both the application and network layer. www.Datatriage.com, a leading expert in Network Security Auditing and Network Vulnerability Services.

Intrusion Detection System Logs as Evidence and Legal Aspects

Wednesday, February 20th, 2008

Modern techniques and methodologies for detecting attacks and malicious activities on computers and networks have evolved a lot over the last couple of years. Detecting intrusion attempts before the actual attack simplifies the job of securely administering computer networks. Often an attacker will probe different ports and services on a network to gather intelligence about the structure of the network, and only afterwards decide how and which services can be compromised. This is a common strategy applied by most attackers, and this is where Intrusion Detection Systems (IDS) come in. They simplify the job of detecting attacks well before the actual attack by tracing the trails that the attacker leaves while gathering intelligence about a network. Government legislation, however, often acts as a barrier to accessing or monitoring private communications. This article will particularly focus on the potential of using IDS logs as evidence in legal proceedings. It will also address the Commonwealth Telecommunication Interception Act to identify some conflicting issues that to some extent act as a barrier to the deployment of IDS tools.


Antiforensics Practices Can Complicate E-Discovery Investigations

Sunday, October 7th, 2007

With the rise of e-discovery, attorneys have necessarily become acquainted with the inner workings of computer systems. File system metadata is often crucial to proving critical points at trial, and computer forensics has shown itself to be an essential tool for discovering lost files and revealing hidden metadata.

But as the lawyers and investigators grow more sophisticated in their search for information, so do the people wishing to hide their misdeeds and confuse those on their trail.

“Antiforensics” – an approach to computer hacking meant to make detection difficult and proof of detection next to impossible – stands to make life miserable for attorneys and computer forensics experts in the coming years. In practice, antiforensics can involve sophisticated software and methods, but can also include the use of simple hacks and workarounds that can hide files and even change file system metadata.

Much of the antiforensics software out there is readily available and intuitive to operate, making it more and more likely that e-discovery investigations will overlook crucial evidence as a result of antiforensic techniques. The simplification of antiforensic software tools makes up a large part of the reason for the recent upswing in the use of antiforensic practices.

For instance, there are user-friendly tools that can change the timestamp of a file to make it look like the file was created in the future, accessed twenty years ago and never modified. This can cause files to slip through the cracks when e-discovery investigators conduct searches for files created or modified during the relevant time period for the investigation.
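How such a file slips past a date-range search, and one way to catch it, as an added example that is not from the original article: it assumes a POSIX file system, where `st_ctime` is the inode change time that an ordinary timestamp tool cannot set. The file names and the 30-day window are constructed.

```python
import os
import tempfile
import time

DAY = 86400
SKEW = 5  # seconds of tolerance for clock granularity


def naive_in_window(path, start, end):
    """Collection filter that trusts only the user-settable mtime."""
    return start <= os.stat(path).st_mtime <= end


def anomalies(path, now):
    """Reasons why the timestamps on path cannot all be genuine."""
    st = os.stat(path)
    reasons = []
    if st.st_mtime > now + SKEW:
        reasons.append("mtime in the future")
    if st.st_atime > now + SKEW:
        reasons.append("atime in the future")
    # A normal write sets mtime and ctime together; setting mtime by hand
    # bumps ctime to "now", so an mtime after ctime was set explicitly.
    if st.st_mtime > st.st_ctime + SKEW:
        reasons.append("mtime later than inode change time")
    return reasons


def robust_in_window(path, start, end, now):
    """Keep a file if mtime or ctime is in the window, or if it looks altered."""
    st = os.stat(path)
    in_window = any(start <= t <= end for t in (st.st_mtime, st.st_ctime))
    return in_window or bool(anomalies(path, now))


def demo():
    """Two constructed files; one has its timestamps altered after creation."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        paths = {}
        for name in ("memo.txt", "ledger.xls"):
            paths[name] = os.path.join(root, name)
            with open(paths[name], "w") as fh:
                fh.write("constructed sample\n")
        # Altered: accessed "twenty years ago", modified "next year".
        os.utime(paths["ledger.xls"], (now - 20 * 365 * DAY, now + 365 * DAY))
        start, end = now - 30 * DAY, now + 60
        return {
            "naive": sorted(n for n, p in paths.items()
                            if naive_in_window(p, start, end)),
            "robust": sorted(n for n, p in paths.items()
                             if robust_in_window(p, start, end, now)),
            "flags": {n: anomalies(p, now) for n, p in paths.items()},
        }


if __name__ == "__main__":
    print(demo())
```

On Windows `st_ctime` is the creation time, so the third check does not carry over; legitimate copies and archive extraction can also leave mtime well before ctime, which is why only mtime after ctime is flagged here.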

Another type of program will separate a file into several pieces, then insert it into the empty space at the end of other files. The extra information shows up as random noise, making it incredibly difficult to reassemble the hidden file – unless you know how the file was split up.

Similarly, data can be inserted into seemingly innocuous file types in order to cover up its existence. Thus, smoking gun email messages could theoretically be hidden inside a JPEG file as a way to transmit them while avoiding detection.
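One detection check for the simplest form of this, data appended after the end of a JPEG, as an added example that is not from the original article: it walks the JPEG marker structure to find the real End Of Image marker instead of searching for the first `FF D9`. The sample bytes are constructed and structurally valid but not a viewable image; data hidden inside the pixel data itself is not detected by this check.

```python
def jpeg_trailer(data):
    """Return the bytes that follow the JPEG End Of Image marker (b"" if none)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:          # EOI: everything after this is extra
            return data[pos:]
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                # stand-alone markers carry no length
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length               # skips payloads, embedded thumbnails included
        if marker == 0xDA:          # SOS: entropy-coded data follows the header
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("truncated JPEG: no EOI marker")
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos += 2        # stuffed FF00 or restart marker: still scan data
                    continue
                break               # a real marker ends the scan
    raise ValueError("truncated JPEG: no EOI marker")


def build_sample(extra=b""):
    """Constructed JPEG-structured byte stream, optionally with appended data."""
    payload = b"JFIF\x00" + b"\xff\xd9" + b"\x00" * 4   # contains a decoy FF D9
    app0 = b"\xff\xe0" + (len(payload) + 2).to_bytes(2, "big") + payload
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"              # stuffed FF00 and an RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + extra


if __name__ == "__main__":
    for label, blob in (("clean", build_sample()),
                        ("appended", build_sample(b"constructed appended note"))):
        print(label, len(jpeg_trailer(blob)), "trailing bytes")
```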

Encryption can also hinder investigations. By partitioning a hard drive and encrypting one of the resulting sections, then partitioning and encrypting again, individuals can hide information very effectively. The information on the second encrypted partition won’t show up to forensic tools, appearing instead as random digital garbage.

While forensic investigators can eventually discover that these techniques have been used, it may come too late to help a case. Moreover, it may be impossible to determine who changed the metadata associated with the file, which could lessen the chances of imposing spoliation sanctions.

The saving grace for e-discovery in the face of antiforensic practices is the fact that most EDD investigations involve massive amounts of data, with no easy way to sift through it. A party seeking to cover up evidence after a litigation hold has commenced would have a difficult time both remembering which files were potentially damaging and locating the files so as to hide them.

Someone engaging in deliberate fraud or other legal transgressions, however, could systematically hide files or alter metadata as they commit their misdeeds to prevent the discovery of incriminating evidence. This means that the most egregious sorts of behaviour could end up becoming the most difficult ones to gather electronically stored information for.

Clearly, as the antiforensic tools and techniques become ever simpler, the life of the e-discovery attorney will grow ever more complex as well.

Electronic Discovery

(Source : www.ediscoverynavigator.com/data_recovery/index.html)

Intrusion detection guide

Thursday, September 13th, 2007

With the growing use of the internet, the threats attached to it are also growing. As more and more people become dependent on the internet, hackers are inventing new ways to intrude into their systems and cause havoc for them. By intruding or gaining unauthorized access to their computers, hackers can access confidential information or can simply destroy their system and derive sadistic pleasure out of it. Thus, Intrusion Detection Systems (IDS) have become the need of the hour.